Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21c12458-40e0-4368-b79a-97b69e7070f9.roa
File:                     21c12458-40e0-4368-b79a-97b69e7070f9.roa (raw, json)
Hash identifier:          95V2hi/QCpx++aRSm5IUSnqWxQx8Z7Zlcn9OROHxfYA=
Subject key identifier:   4B:A2:1C:41:81:A1:DB:1D:78:CE:18:C4:9C:59:41:D4:72:9C:B3:80
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       54CD24D6D5C2114075AE02B0F1CF4FB6A3CBEA3D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21c12458-40e0-4368-b79a-97b69e7070f9.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f11::/36 maxlen: 36
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:cd:24:d6:d5:c2:11:40:75:ae:02:b0:f1:cf:4f:b6:a3:cb:ea:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=72f9a2444fc7d0dd59d108c9c09b2590b7b378484dd580b6da340d11cd94bdf5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b5:1b:de:55:95:e1:a4:fe:e7:8d:1d:94:81:
                    79:8d:9d:67:70:65:99:78:14:47:9a:20:32:19:ca:
                    4b:6d:13:21:2b:cb:23:8c:dc:1b:63:3f:2c:23:5c:
                    58:e6:e7:af:d6:cb:42:df:36:d7:b5:e8:95:e9:ca:
                    e9:75:b9:5d:75:24:8a:14:1a:cb:93:20:00:1e:f6:
                    45:cd:47:bb:23:48:a0:25:c4:17:46:ae:82:cb:d5:
                    e3:13:f0:34:15:61:dd:46:d2:fe:cd:d0:11:6b:62:
                    12:3c:ea:01:52:c0:9b:ed:dd:8e:25:49:dc:07:7d:
                    95:71:b8:56:03:72:fc:8b:c5:d0:6f:c3:9c:01:ca:
                    49:26:bc:2b:e0:d0:92:8c:83:37:5b:0d:05:3b:c6:
                    6e:c6:b9:bf:7c:49:7e:3d:c9:52:12:21:68:43:f3:
                    a0:7d:e5:06:c2:c1:81:d3:3d:0b:4b:50:0c:f0:e9:
                    7c:27:28:00:9f:d8:91:27:c2:ef:f5:d5:9a:bc:a7:
                    f9:d6:a4:7a:39:ae:72:10:32:90:03:e7:d8:83:06:
                    c1:75:f2:cd:4c:98:f1:0c:f3:86:ae:30:11:5f:08:
                    a2:a8:d7:8a:c6:68:78:0a:42:c7:00:68:2c:0f:a5:
                    26:73:b8:bd:db:dd:3c:41:86:df:be:42:f4:fc:d9:
                    fb:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:A2:1C:41:81:A1:DB:1D:78:CE:18:C4:9C:59:41:D4:72:9C:B3:80
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21c12458-40e0-4368-b79a-97b69e7070f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f11::/36

    Signature Algorithm: sha256WithRSAEncryption
         a3:7e:b0:b2:54:30:f4:6b:89:2f:9d:60:5f:42:51:d0:8a:84:
         91:be:c3:79:5f:0e:e7:ab:46:bb:9a:78:70:07:f3:98:94:ac:
         96:ce:30:c4:ca:f2:b7:a8:bd:6e:6a:ea:33:12:55:41:30:60:
         3a:38:ff:23:da:58:ec:99:ce:01:4e:66:6a:10:49:c2:fd:30:
         6e:f3:75:44:eb:b2:90:43:a7:62:b4:80:60:48:c1:3b:ce:00:
         94:22:a2:50:51:c6:50:cb:0f:28:93:3e:37:b6:8c:96:bc:2f:
         fe:9a:52:34:b3:d3:c0:9a:46:1c:9d:1d:ec:5a:f7:a5:77:ef:
         ab:14:b8:6d:9f:1f:c2:45:b5:5b:73:4f:5c:45:f6:04:47:53:
         c1:4a:67:a2:c8:57:cd:c2:41:7f:d1:87:ef:70:d6:aa:f8:81:
         fd:2a:1d:ff:65:d4:32:3c:0d:7e:e9:2b:4d:f5:f0:c2:28:ca:
         54:e3:c6:42:aa:a5:ad:ae:bb:2c:31:d8:df:b1:9d:b2:c9:c0:
         b0:41:5f:79:61:27:de:62:2e:fe:30:1a:82:d3:0d:d4:e5:6b:
         7e:d0:7e:cd:22:5c:df:f3:78:f2:49:34:e2:08:2b:83:04:f2:
         ab:1d:a9:21:ae:2c:b3:4f:61:99:a4:71:be:2d:f8:0b:69:7a:
         2a:5f:63:1e
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUVM0k1tXCEUB1rgKw8c9PtqPL6j0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA4MDAwMDAwWhcNMjUwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MmY5YTI0NDRmYzdkMGRkNTlkMTA4YzljMDliMjU5MGI3
YjM3ODQ4NGRkNTgwYjZkYTM0MGQxMWNkOTRiZGY1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXtRveVZXhpP7njR2UgXmNnWdwZZl4FEeaIDIZykttEyEr
yyOM3BtjPywjXFjm56/Wy0LfNte16JXpyul1uV11JIoUGsuTIAAe9kXNR7sjSKAl
xBdGroLL1eMT8DQVYd1G0v7N0BFrYhI86gFSwJvt3Y4lSdwHfZVxuFYDcvyLxdBv
w5wBykkmvCvg0JKMgzdbDQU7xm7Gub98SX49yVISIWhD86B95QbCwYHTPQtLUAzw
6XwnKACf2JEnwu/11Zq8p/nWpHo5rnIQMpAD59iDBsF18s1MmPEM84auMBFfCKKo
14rGaHgKQscAaCwPpSZzuL3b3TxBht++QvT82fuvAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUS6IcQYGh2x14zhjEnFlB1HKcs4AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIxYzEyNDU4LTQwZTAtNDM2OC1iNzlhLTk3YjY5ZTcwNzBmOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8RADANBgkqhkiG9w0BAQsFAAOCAQEAo36wslQw9GuJL51gX0JR0IqE
kb7DeV8O56tGu5p4cAfzmJSsls4wxMryt6i9bmrqMxJVQTBgOjj/I9pY7JnOAU5m
ahBJwv0wbvN1ROuykEOnYrSAYEjBO84AlCKiUFHGUMsPKJM+N7aMlrwv/ppSNLPT
wJpGHJ0d7Fr3pXfvqxS4bZ8fwkW1W3NPXEX2BEdTwUpnoshXzcJBf9GH73DWqviB
/Sod/2XUMjwNfukrTfXwwijKVOPGQqqlra67LDHY37GdssnAsEFfeWEn3mIu/jAa
gtMN1OVrftB+zSJc3/N48kk04ggrgwTyqx2pIa4ss09hmaRxvi34C2l6Kl9jHg==
-----END CERTIFICATE-----